Evidence - PowerPoint PPT Presentation

Slides: 18
Provided by: busi233
Transcript and Presenter's Notes

Title: Evidence


1
Evidence
  • Computer Forensics

2
Law Enforcement vs. Citizens
  • Search must have probable cause
  • 4th amendment search warrant
  • Private citizen not subject to 4th amendment
  • Private citizen may be a police agent

3
Role of Evidence
  • Material offered to judge and jury
  • May directly or indirectly prove or disprove the
    crime has been committed
  • Evidence must be tangible
  • Electrical voltages are intangible
  • Hard to prove lack of modification

4
Evidence Requirements
  • Material: relevant to case
  • Competent: proper collection, obtained legally,
    and chain of custody maintained
  • Relevant: pertains to subject's motives and
    should prove or disprove a fact

5
Chain of Custody
  • Who obtained it?
  • Where and when was it obtained?
  • Who secured it?
  • Who had control or possession?
  • How was it moved?

6
Types of Evidence
  • Best
      • Primary, original documents, not oral
  • Secondary
      • Copies of documents, oral, eyewitness
  • Direct
      • Can prove fact by itself
      • Does not need corroborative information
      • Information from witness

7
More Types
  • Conclusive
      • Irrefutable and cannot be contradicted
  • Circumstantial
      • Assumes the existence of another fact
      • Cannot be used alone to prove the fact
  • Corroborative
      • Supporting evidence
      • Supplementary tool

8
More Types
  • Opinion
      • Experts give educated opinion
  • Hearsay
      • No firsthand proof
      • Computer generated evidence
  • Real
      • Physical evidence
      • Tangible objects

9
More Types
  • Documentary
      • Records, manuals, printouts
      • Most evidence is documentary
  • Demonstrative
      • Aids jury in the concept
      • Experiments, charts, animation

10
Hearsay Rule Exception
  • Business record exemption to hearsay rule
  • Documents can be admitted if created during
    normal business activity
  • This does not include documents created for a
    specific court case
  • Regular business records have more weight
  • Federal rule 803(6)
  • Records must be in custody on a regular basis
  • Records are relied upon by normal business

11
Before the Crime Happens
  • Select an Incident Response Team (IRT)
  • Decide whether internal or external
  • Set policies and procedures
  • If internal, include
      • IT
      • Management
      • Legal
      • PR

12
Incident Handling
  • First goal
  • Contain and repair damage
  • Prevent further damage
  • Collect evidence

13
Evidence Collection
  • Photograph area
  • Dump contents from memory
  • Power down system
  • Photograph internal system components
  • Label each piece of evidence
  • Bag it
  • Seal
  • Sign

14
Forensics
  • Study of technology and how it relates to law
  • Image disk and other storage devices
  • Bit-level copy (deleted files, slack space, etc.)
  • Use specialized tools
  • Further work will be done on copy
  • Create message digest for integrity
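
An added example (not part of the original slides) tying the Chain of Custody questions to the message digest step above: it hashes an image, confirms the working copy matches, and shows that a one-bit change or an edited custody record is detected. The file names, people, places and timestamps are constructed, and linking custody records by hash is an assumption of this example, not something the slides prescribe.

```python
import hashlib, json, os, tempfile

CHUNK = 1 << 20  # read in 1 MiB blocks so a large image is never held in memory

def digest_file(path):
    """Return the SHA-256 message digest of a file, read in fixed-size chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def _seal(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def custody_entry(log, who, action, where, when, image_digest):
    """Append a custody record that commits to the previous record by hash."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = {"who": who, "action": action, "where": where, "when": when,
            "image_sha256": image_digest, "prev": prev}
    log.append({**body, "entry_hash": _seal(body)})

def verify_log(log):
    """True only if no record was altered, removed or reordered after writing."""
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev"] != prev or rec["entry_hash"] != _seal(body):
            return False
        prev = rec["entry_hash"]
    return True

def demo():
    """Constructed sample: a 4 KiB stand-in for a disk image and its working copy."""
    d = tempfile.mkdtemp()
    original, copy = os.path.join(d, "evidence.img"), os.path.join(d, "working.img")
    data = b"\x00" * 4000 + b"deleted file remnant in slack space" + b"\x00" * 61
    for p in (original, copy):
        with open(p, "wb") as f:
            f.write(data)
    baseline, log = digest_file(original), []
    custody_entry(log, "A. Examiner", "imaged drive", "Lab 2", "2024-01-01T10:00Z", baseline)
    custody_entry(log, "B. Analyst", "took working copy", "Lab 3", "2024-01-02T09:00Z", digest_file(copy))
    copy_ok, log_ok = digest_file(copy) == baseline, verify_log(log)
    with open(copy, "r+b") as f:      # change a single bit in the working copy
        f.seek(4000)
        f.write(b"D")
    log[0]["who"] = "Someone Else"    # edit a custody record after the fact
    return copy_ok, log_ok, digest_file(copy) == baseline, verify_log(log)
```

The digest of the original is recorded before any analysis begins, so every later comparison is against a value fixed at acquisition time.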

15
Things to Look For
  • Hidden Files
  • Steganography
  • Slack Space
  • Malware
  • Deleted Files
  • Swap Files

16
Trapping the Bad Guy
  • Enticement
      • Legal attempt to lure a criminal into committing
        a crime
      • Provide a honeypot in your DMZ
      • Pseudo flaw (software code)
      • Padded cell (virtual machine)
  • Entrapment
      • Illegal attempt to trick a person into committing
        a crime

17
Liability
  • Company must practice due care
  • Management must practice due diligence
  • Follow the prudent person rule
  • Watch for downstream liabilities